WordPress Gravity Forms Plugin < 2.7.5 is vulnerable to Cross Site Scripting (XSS)
Software: Gravity Forms; Type: Plugin; Vulnerable versions: < 2.7.5; Fixed in: 2.7.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2701; Patch priority: High; CVSS severity: High (7.1); Developer: Claim ownership; PSID: 17cbc85493b8; Credits: Fioravante Souza WPScan...
WordPress Plugin FancyThemes Optin Forms–Simple List Building Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
NEX-Forms < 8.4.4 - Authenticated Stored XSS
The plugin does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins in multisite / admins in single site can create forms; however, there is a setting allowing them to give lower roles access to this feature. Create a new form with the...
PYSEC-2023-94
Flask-AppBuilder is an application development framework built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges could, by adding a special character on the add or edit User forms, trigger a database error; this error is surfaced back to this actor on t...
GHSA-JHPR-J7CQ-3JP3 Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Impact: An authenticated malicious actor with Admin privileges could, by adding a special character on the add or edit User forms, trigger a database error; this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row, including the...
WordPress Ninja Forms Plugin <= 3.6.24 is vulnerable to Arbitrary File Deletion
Software: Ninja Forms; Type: Plugin; Vulnerable versions: <= 3.6.24; Fixed in: 3.6.25; OWASP Top 10: A6: Security Misconfiguration; Classification: Arbitrary File Deletion; CVE: CVE-2023-36505; Patch priority: Low; CVSS severity: Low (6.8); Developer: Claim ownership; PSID: 711180726eeb; Credits: Theodoros Malachias...
PT-2023-24682
Name of the Vulnerable Software and Affected Versions: Flask-AppBuilder versions prior to 4.3.2. Description: An authenticated malicious actor with Admin privileges could trigger a database error by adding a special character on the add or edit User forms. This error can be surfaced back to the acto...
Ninja Forms < 3.6.25 - Admin+ Arbitrary File Deletion
The plugin does not validate the path of files to be deleted, which could allow administrators to delete arbitrary files on the server even when they should not be able to...
WordPress Ninja Forms Google Sheet Connector Plugin < 1.2.7 is vulnerable to Cross Site Scripting (XSS)
Software: Ninja Forms Google Sheet Connector; Type: Plugin; Vulnerable versions: < 1.2.7; Fixed in: 1.2.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2333; Patch priority: High; CVSS severity: High (7.1); Developer: Claim ownership; PSID: 3ac3c4160a9a; Credits: Erwan...
WordPress Elementor Forms Google Sheet Connector Plugin < 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software: Elementor Forms Google Sheet Connector; Type: Plugin; Vulnerable versions: < 1.0.7; Fixed in: 1.0.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2324; Patch priority: High; CVSS severity: High (7.1); Developer: Claim ownership; PSID: 9c0650ee0f4a; Credits...
Gravity Forms < 2.7.5 - Reflected XSS
The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admins. Make a logged-in admin open the following URL:...
Gravity Forms < 2.7.5 - Reflected XSS
The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admins. PoC: Make a logged-in admin open the following URL:...
CVE-2023-35095
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin <= 1.0.40 versions...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin <= 1.0.40 versions...
CVE-2023-35095
CVE-2023-35095 affects the WordPress plugin Flo Forms – Easy Drag & Drop Form Builder (Flothemes) up to version 1.0.40. The vulnerability is an authenticated (admin+) Stored Cross-Site Scripting (XSS) flaw in Flo Forms, requiring admin privileges to exploit. The issue is grounded in the plugin's ...
CVE-2023-35095 WordPress Flo Forms Plugin <= 1.0.40 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin <= 1.0.40 versions...
PT-2023-25144 · Flothemes · The Flo Forms – Easy Drag & Drop Form Builder
Name of the Vulnerable Software and Affected Versions: Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin versions 1.0.40 and earlier. Description: The issue is a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerabilit...